CLAIMS 

What is claimed is: 

1. A method of establishing a secured communication session across a remote network connection, comprising:
(a) receiving a first certificate that includes a first digital signature;
(b) obtaining a first public key;
(c) using the first public key to verify the first digital signature;
(d) if the first digital signature in (c) is successfully verified, receiving a second certificate that includes a second digital signature;
(e) obtaining a second public key; and
(f) using the second public key to verify the second digital signature.



2. The method of claim 1 wherein said first and second digital signatures are signed with different private keys.

3. The method of claim 1 wherein said second certificate includes at least a portion of said first certificate.

4. The method of claim 1 wherein (c) includes decrypting a portion of said first certificate to recover a first hash value.

5. The method of claim 4 wherein (c) also includes computing a hash of at least a portion of said first certificate to produce a first computed hash value.

6. The method of claim 5 wherein said first hash value is compared to said first computed hash value.

7. The method of claim 6 wherein (c) further includes determining said first digital signature is successfully verified if said first hash value matches said first computed hash value.

8. The method of claim 1 wherein (f) includes decrypting a portion of said second certificate to recover a second hash value.

9. The method of claim 8 wherein (f) also includes computing a hash of at least a portion of said second certificate to produce a second computed hash value.

10. The method of claim 9 wherein said second hash value is compared to said second computed hash value.

11. The method of claim 10 further including successfully verifying said second digital signature if said second hash value matches said second computed hash value.

12. A method of establishing a secured communication session across a remote network connection, comprising:
(a) receiving first and second certificates that include first and second digital signatures, respectively;



54698.02/1662.39900 







digital signature; and
(e) permitting the communication session to occur if both said first and said second digital signatures are successfully verified.



13. The method of claim 12 wherein said first and second digital signatures are signed with different private keys.

14. The method of claim 12 wherein said second certificate includes at least a portion of said first certificate.

15. The method of claim 12 wherein (c) includes using said first public key to decrypt a portion of said first certificate to recover a first hash value.

16. The method of claim 15 wherein (c) also includes computing a hash of at least a portion of said first certificate to produce a first computed hash value.

17. The method of claim 16 wherein (c) includes comparing said first hash value to said first computed hash value.

18. The method of claim 17 wherein (c) further includes determining that said first digital signature is successfully verified if said first hash value matches said first computed hash value.

19. The method of claim 12 wherein (c) includes decrypting a portion of said second certificate to recover a second hash value.

20. The method of claim 19 wherein (c) also includes computing a hash of at least a portion of said second certificate to produce a second computed hash value.

21. The method of claim 20 wherein (c) includes comparing said second hash value to said second computed hash value.

22. The method of claim 21 further including successfully verifying said second digital signature if said second hash value matches said second computed hash value.



23. A method of creating a remotely verifiable certificate, comprising:
(a) retrieving a first signed certificate;
(b) combining together said first signed certificate with other values;
(c) computing a hash of the combination from (b); and
(d) signing said hash from (c) with a private key.

24. The method of claim 23 wherein said other values in (b) includes an IP address.

25. The method of claim 23 wherein said other values in (b) includes a domain name.

26. A computer, comprising:
a processor; and
a memory coupled to said processor;
wherein said memory includes storage for a first certificate and a second certificate, said second certificate derived from said first certificate.

27. The computer system of claim 26 wherein said processor combines at least a portion of said first certificate with additional values, computes a hash of said combination, and encrypts said hash with a private key.

28. The computer system of claim 27 wherein said additional values include an IP address.

29. The computer system of claim 27 wherein said additional values include a domain name.

30. The computer system of claim 26 wherein said first certificate includes a serial number.

31. The computer system of claim 26 wherein said first certificate is not created by the server.

32. A client system, comprising:
a processor; and
a memory coupled to said processor; and






a connection to a communication link to a server; 

wherein said processor requests a first certificate from the server, verifies a first digital
signature associated with said first certificate, and if said first digital signature is
successfully verified, requests a second certificate from said server and verifies a
second digital signature associated with said second certificate.

33. The client system of claim 32 wherein the client uses two different public keys to verify the
first and second digital signatures.

34. A client system, comprising: 
a processor; 

a memory coupled to said processor; and 

a connection to a communication link to a server; 

wherein said processor requests a first certificate and a second certificate from the server,
verifies a first digital signature associated with said first certificate, and if said first
digital signature is successfully verified, verifies a second digital signature
associated with said second certificate.

35. The client system of claim 34 wherein the client uses two different public keys to verify the 
first and second digital signatures. 
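
An added worked example, not part of the patent text: the hash-and-compare verification of claims 4-7 and the derived certificate of claims 23-25, chained in the order claims 1 and 12 require. It uses textbook RSA with toy keys built from known Mersenne primes; the dict layout, function names, flat encoding and sample values are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """Toy RSA key (n, d) from two known Mersenne primes; NOT secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # Hash of the signed portion, reduced into the modulus (no padding scheme).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(body, n, d):
    """Claim 23 (c)-(d): hash the body, then sign the hash with a private key."""
    return {"body": body, "sig": pow(digest(body, n), d, n)}

def verify(cert, n):
    """Claims 4-7: recover the hash with the public key, recompute, compare."""
    return pow(cert["sig"], E, n) == digest(cert["body"], n)

def encode(cert):
    # Assumed flat encoding: body followed by a fixed-width signature.
    return cert["body"] + cert["sig"].to_bytes(256, "big")

def derive(first, other_value, n, d):
    """Claim 23 (a)-(b): combine the first signed certificate with other values."""
    return sign(encode(first) + other_value.encode(), n, d)

def establish_session(first, second, n1, n2):
    """Claims 1 and 12: check the first signature, then the second; permit only if both pass."""
    if not verify(first, n1):
        return False
    # Added check, not recited in the claims: second must embed this exact first certificate.
    if not second["body"].startswith(encode(first)):
        return False
    return verify(second, n2)

# Constructed demo values: two signers with different private keys (claim 2).
KEY1_N, KEY1_D = make_key(2**521 - 1, 2**607 - 1)
KEY2_N, KEY2_D = make_key(2**1279 - 1, 2**2203 - 1)
FIRST = sign(b"serial=0001", KEY1_N, KEY1_D)
SECOND = derive(FIRST, "192.0.2.10", KEY2_N, KEY2_D)  # IP address per claim 24
```

A production verifier would use a standard padded signature scheme from a vetted library rather than raw modular exponentiation.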